URL: | http://fovanab.world/ |
Full analysis: | https://app.any.run/tasks/8481c8d9-000e-41fa-9f3c-bd3cb28dedbd |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 09:25:36 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 17FFAC9A227741A0493B9B60023D2437 |
SHA1: | C0C2232EEC29B4426891BDA308E3C27760832320 |
SHA256: | 85FB1775DA87B4953F377A298B0099F7B21DF99D7DA836602C7BEDCB4A092B6C |
SSDEEP: | 3:N1KYIL5Xyn:CYII |
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2860 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://fovanab.world/" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3348 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2860 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\templatemo_content_bottom_bg[1].jpg | image | A9FBBFE18E151466983711EAC29970E4 | D275B0D267CB4FB67BE9589F67FC3F817E8AF87E5889D7689480BA21DD57A9C2
3348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\templatemo_bg[1].jpg | image | 2955EBEBF412226677C21BEABC30027D | 1F8CE42F99168C469F7CEA08689B4D6A365C06D546EBC633AAFBB807DCEB4AC1
3348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\templatemo_title_bg[1].jpg | image | 5872966C8C659E141C03FDDA77DA07B9 | 3E6C15C4E7B9ED4FD0B1C234AB77B5CC0CE17F73259B7CCB2BE71D355A280675
3348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\templatemo_content_bg[1].jpg | image | D1C0EEE9DD657D4415E49394C129C520 | 5D8230DD39287CC9721C7C42B9D8478B5E00220B98B5F0AEFD52E113214D70AF
3348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\style[1].css | text | 0E03B980399D51173A6E0A9A89602D85 | 6BC804F5617156399AEECC57E3503E69AE9E92EABDFD286EC20569CBF98BFC0C
2860 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | AEF3E47E85D04318D19813601D23C6E5 | 6199BEC27A62FAE649300723DA53808CE8E99C4DC12F7824443101104786FF9A
3348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\templatemo_banner_bg[1].jpg | image | F1033D58772133A346118C23E7A5A508 | 12224DCA331032264A8C38C2B9B7E36F36AA7A217AE0F40D63BC7897B9A625F3
3348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\LI9HEVDN.htm | html | 3395A862FF51370735D9C094734FB378 | 27AB06B7397748426D955DD324321584B4DD84A7B97ABFECAE947EBCDC77A2DC
2860 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | 790E40386A5478B54787C28956E029D7 | 2A14CA44FA89C53F53111C7CAAE9155A460FA162BD822CCEAF7B7F74B8390557
3348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\templatemo_bottom_section_bg[1].jpg | image | 5E5DE4CDECABFCBF15063F47954F7B2E | 08919E27287FE0C42F5265963B952F9BEB6E6AA1D6B598F1AF49F9D705FABE8B
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3348 | iexplore.exe | GET | 200 | 69.39.239.44:80 | http://fovanab.world/ | US | html | 2.32 Kb | suspicious |
3348 | iexplore.exe | GET | 200 | 69.39.239.44:80 | http://fovanab.world/images/templatemo_bg.jpg | US | image | 595 b | suspicious |
3348 | iexplore.exe | GET | 200 | 69.39.239.44:80 | http://fovanab.world/images/style.css | US | text | 4.40 Kb | suspicious |
2860 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3348 | iexplore.exe | GET | 200 | 69.39.239.44:80 | http://fovanab.world/images/templatemo_menu_divider.jpg | US | image | 353 b | suspicious |
3348 | iexplore.exe | GET | 200 | 69.39.239.44:80 | http://fovanab.world/images/templatemo_menu_bg.jpg | US | image | 6.06 Kb | suspicious |
3348 | iexplore.exe | GET | 200 | 69.39.239.44:80 | http://fovanab.world/images/templatemo_bottom_section_bg.jpg | US | image | 5.61 Kb | suspicious |
2860 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8b525615f1002530 | US | compressed | 4.70 Kb | whitelisted |
3348 | iexplore.exe | GET | 200 | 69.39.239.44:80 | http://fovanab.world/images/templatemo_title_bg.jpg | US | image | 8.27 Kb | suspicious |
3348 | iexplore.exe | GET | 200 | 69.39.239.44:80 | http://fovanab.world/images/templatemo_content_bg.jpg | US | image | 555 b | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3348 | iexplore.exe | 69.39.239.44:80 | fovanab.world | GigeNET | US | suspicious |
— | — | 13.107.22.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2860 | iexplore.exe | 69.39.239.44:80 | fovanab.world | GigeNET | US | suspicious |
— | — | 69.39.239.44:80 | fovanab.world | GigeNET | US | suspicious |
2860 | iexplore.exe | 13.107.22.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2860 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2860 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2860 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2860 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
fovanab.world | | suspicious
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.digicert.com | | whitelisted
iecvlist.microsoft.com | | whitelisted
r20swj13mr.microsoft.com | | whitelisted
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET INFO Observed DNS Query to .world TLD |
3348 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to Suspicious *.world Domain |
3348 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to Suspicious *.world Domain |
3348 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to Suspicious *.world Domain |
3348 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to Suspicious *.world Domain |
3348 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to Suspicious *.world Domain |
3348 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to Suspicious *.world Domain |
3348 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to Suspicious *.world Domain |
3348 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to Suspicious *.world Domain |
3348 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to Suspicious *.world Domain |